﻿# ----------------------------------------- #
# Web Application Proxy (WAP) Configuration #
# ----------------------------------------- #
param([string]$virtualMachineService, [string]$virtualMachineName)

Write-Information "Virtual machine '$virtualMachineName' Web Application Proxy '$($script.type)' configuration ... " -NoNewLine $true
$userName = $subscription.virtualMachines.adminUserName
$password = $subscription.virtualMachines.password
$netBiosDomain = $subscription.virtualMachines.netBiosDomain
$uri = Get-AzureWinRMUri -ServiceName $virtualMachineService -Name $virtualMachineName
$credential = New-Object System.Management.Automation.PSCredential(($netBiosDomain + "\" + $userName), (ConvertTo-SecureString $password -AsPlainText -Force))
$session = New-PSSession -ComputerName $uri[0].DnsSafeHost -Credential $credential -Port (Get-VirtualMachineInstanceEndpointPort $subscription $virtualMachineName) -UseSSL -Authentication Credssp
switch ($script.type)
{
	"Install"
	{
		Invoke-Command -Session $session -ScriptBlock {
			$result = Add-WindowsFeature Web-Application-Proxy -IncludeManagementTools -WarningAction Ignore
		}
	}
	"Configure"
	{
		Invoke-Command -Session $session -ScriptBlock {
			param([string]$federationService, [string]$certificateName, [string]$userName, [string]$password)
            $thumbprint = (Get-Item Cert:\LocalMachine\My\* | ? {$_.FriendlyName -eq $certificateName}).Thumbprint
            $credential = New-Object System.Management.Automation.PSCredential($userName, (ConvertTo-SecureString $password -AsPlainText -Force))
			Install-WebApplicationProxy -FederationServiceName $federationService -CertificateThumbprint $thumbprint -FederationServiceTrustCredential $credential | Out-Null
		} -ArgumentList $script.federationService, $script.certificateName, ($subscription.virtualMachines.netBiosDomain + "\" + $subscription.virtualMachines.adminUserName), $subscription.virtualMachines.password
	}
    "Add Application"
	{
		Invoke-Command -Session $session -ScriptBlock {
			param([string]$name, [string]$backendUrl, [string]$externalUrl, [string]$preAuthentication, [string]$certificateName, [string]$relyingParty, [string]$useOAuthAuthentication, [string]$backendServerSpn)
            if ((Get-WebApplicationProxyApplication -Name $name) -ne $null)
            {
                Remove-WebApplicationProxyApplication -Name $name
            }
            $thumbprint = (Get-Item Cert:\LocalMachine\My\* | ? {$_.FriendlyName -eq $certificateName}).Thumbprint
            Add-WebApplicationProxyApplication -Name $name `
                -BackendServerURL $backendUrl `
                -ExternalURL $externalUrl -ExternalCertificateThumbprint $thumbprint -ExternalPreAuthentication $preAuthentication `
                -ADFSRelyingPartyName $relyingParty `
                -DisableTranslateUrlInRequestHeaders:$false -DisableTranslateUrlInResponseHeaders:$false `
                -UseOAuthAuthentication:($useOAuthAuthentication -eq $true)
            if (![String]::IsNullOrEmpty($backendServerSpn))
            {
                Get-WebApplicationProxyApplication -Name $name | Set-WebApplicationProxyApplication -BackendServerAuthenticationSPN $backendServerSpn
            }
		} -ArgumentList $script.name, $script.backendUrl, $script.externalUrl, $script.preAuthentication, $script.certificateName, $script.relyingParty, $script.useOAuthAuthentication, $script.backendServerSpn
	}
	default
	{
		throw "Web Application Proxy type '$($script.type)' is not supported."
	}
}
Remove-PSSession $session
Write-Text "done."